CVE-2007-5275: possible vulnerability

Related Vulnerabilities: CVE-2007-5275   CVE-2002-1467   CVE-2007-4324  

Debian Bug report logs - #449110

Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Sat, 3 Nov 2007 07:45:02 UTC

Severity: important

Tags: security

Found in versions flashplugin-nonfree/9.0.31.0.1, flashplugin-nonfree/9.0.48.0.1etch4, flashplugin-nonfree/9.0.48.0.2

Fixed in version flashplugin-nonfree/9.0.115.0.1

Done: Bart Martens <bartm@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Bart Martens <bartm@knars.be>:
Bug#449110; Package flashplugin-nonfree.


Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Bart Martens <bartm@knars.be>.


Message #5 received at submit@bugs.debian.org:

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2007-5275: possible vulnerability
Date: Sat, 03 Nov 2007 18:51:16 +1100
Package: flashplugin-nonfree
Severity: important
Tags: security

Hi

The following CVE[0] has been issued against flashplugin-nonfree.

CVE-2007-5275:

The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a
victim machine to establish TCP sessions with arbitrary hosts via a
Flash (SWF) movie, related to lack of pinning of a hostname to a single
IP address after receiving an allow-access-from element in a
cross-domain-policy XML document, and the availability of a Flash Socket
class that does not use the browser's DNS pins, aka DNS rebinding
attacks, a different issue than CVE-2002-1467 and CVE-2007-4324.

If you fix that by an upload, please mention the CVE number in the
changelog.

Thanks for your efforts.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
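
The pinning behaviour whose absence the CVE text above describes, as an added example that is not part of the original report and is not Adobe's or Debian's code: a hostname is pinned to the address seen when the policy file was fetched, later socket connections reuse that pin, and a changed DNS answer is reported. The class, the function names, the injected resolver, the hostname and the addresses are all assumptions constructed for illustration.

```python
import ipaddress

class PinnedResolver:
    """Pin each hostname to the first address it resolved to."""

    def __init__(self, resolve):
        self._resolve = resolve   # hypothetical callable: hostname -> IP string
        self._pins = {}           # hostname -> pinned ipaddress object

    def pin(self, host):
        """Resolve once (e.g. when the policy file is fetched) and remember it."""
        if host not in self._pins:
            self._pins[host] = ipaddress.ip_address(self._resolve(host))
        return self._pins[host]

    def address_for_socket(self, host):
        """Address a later socket must use: the pin, never a fresh lookup."""
        return self.pin(host)

    def audit(self, host):
        """Re-resolve for logging only and report whether the answer moved."""
        pinned = self.pin(host)
        current = ipaddress.ip_address(self._resolve(host))
        return {
            "host": host,
            "pinned": str(pinned),
            "current": str(current),
            "rebound": current != pinned,
            "now_internal": current.is_private or current.is_loopback,
        }

def constructed_resolver(answers):
    """Constructed stand-in for DNS: yields answers in order, then repeats the last."""
    state = {"i": 0}
    def resolve(host):
        i = min(state["i"], len(answers) - 1)
        state["i"] += 1
        return answers[i]
    return resolve

def demo():
    # Constructed data: an RFC 5737 documentation address first, then an
    # RFC 1918 address, as a short-TTL record could return on a later lookup.
    r = PinnedResolver(constructed_resolver(["203.0.113.10", "10.0.0.5"]))
    r.pin("movie.example")                 # policy file fetched at this point
    report = r.audit("movie.example")      # later lookup returns a new address
    return str(r.address_for_socket("movie.example")), report

if __name__ == "__main__":
    print(demo())
```
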




Bug marked as found in version 9.0.31.0.1. Request was from Bart Martens <bartm@knars.be> to control@bugs.debian.org. (Sat, 03 Nov 2007 08:24:05 GMT).


Bug marked as found in version 9.0.48.0.1etch4. Request was from Bart Martens <bartm@knars.be> to control@bugs.debian.org. (Sat, 03 Nov 2007 08:24:06 GMT).


Bug marked as found in version 9.0.48.0.2. Request was from Bart Martens <bartm@knars.be> to control@bugs.debian.org. (Sat, 03 Nov 2007 08:24:06 GMT).


Bug marked as found in version 1:1.2. Request was from Bart Martens <bartm@knars.be> to control@bugs.debian.org. (Sat, 03 Nov 2007 08:24:07 GMT).


Tags added: security Request was from Bart Martens <bartm@knars.be> to control@bugs.debian.org. (Sat, 03 Nov 2007 08:24:08 GMT).


Bug marked as fixed in version 9.0.115.0.1. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Sat, 22 Dec 2007 13:33:04 GMT).


Bug no longer marked as found in version 1:1.2. Request was from Bart Martens <bartm@knars.be> to control@bugs.debian.org. (Mon, 21 Jan 2008 18:15:11 GMT).


Reply sent to Bart Martens <bartm@debian.org>:
You have taken responsibility.


Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer.


Message #24 received at 449110-done@bugs.debian.org:

From: Bart Martens <bartm@debian.org>
To: 449110-done@bugs.debian.org
Subject: flashplugin-nonfree: CVE-2007-5275: possible vulnerability
Date: Fri, 29 Feb 2008 07:03:17 +0100

This bug is marked as "found in versions" no longer in Debian.






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 28 Mar 2008 07:35:00 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:59:02 2019; Machine Name: beach
